1. Field of the Invention
The present invention relates to a method and a system thereof for secure authentication in a wireless network, and more particularly, to a method and a system thereof for secure authentication in a distributed wireless network.
2. Description of the Related Art
Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) is a security protocol widely applied in wireless networks. The configuration of a conventional wireless network is shown in FIG. 1. The wireless network of FIG. 1 comprises an authentication server (also known as an AAA server, for authentication, authorization and accounting) 101, a gateway 111, access points 121 and 122, and client devices 131˜133. The authentication process of conventional EAP-TLS is shown in FIG. 2, starting from step 210.
It is assumed that the client device 132 requests service. First, in step 210, the AAA server 101 and the client device 132 authenticate each other. Then, in step 220, the AAA server 101 and the client device 132 jointly generate a TLS master secret. Then, in step 230, the AAA server 101 transmits the TLS master secret to the access point 121, which uses it to generate a Wired Equivalent Privacy (WEP) key that subsequently encrypts the communication link between the client device 132 and the access point 121.
The conventional method has several disadvantages. The first disadvantage is that, because the AAA server is managed in a centralized manner, the system cannot provide service if the AAA server fails. For example, a new user cannot be authenticated and an on-line user cannot be periodically re-authenticated.
The second disadvantage of the conventional method is that, even though the client device and the AAA server can authenticate each other, the client device cannot query the certificate status of the AAA server, that is, it cannot determine whether the certificate of the AAA server is legitimate and still valid. Because the conventional method omits this querying step, a security risk arises and certificate revocation is hard to handle.
The third disadvantage of the conventional method is that the AAA server usually transmits the TLS master secret to the access point in plain text, and since the AAA server is usually a remote server, transmitting the TLS master secret across the remote network carries a high risk.